Tor’s Bug Smash Fund: Help Tor smash all the bugs!

by al | August 1, 2019

Say hello to our Bug Smash Fund.

When you are building software, your work is not always about adding new features; often, it's about fixing bugs. We know that our community understands it’s very important to fix bugs we encounter in our software—especially bugs that create security problems. But it can be hard to raise money for this type of work, since maintenance is not as exciting as a cool new feature. That’s why we decided to create our Bug Smash Fund.

The goal of the Bug Smash Fund is to increase the Tor Project’s reserve of funds that allow us to complete maintenance work and smash the bugs necessary to keep Tor Browser, the Tor network, and the many tools that rely on Tor strong, safe, and running smoothly.

When we say maintenance and bugs, we are talking about work that is critical—and that we must pay for. This work includes responding quickly to security bugs, improving test coverage, and keeping up with Mozilla’s ESRs. An entire ecosystem relies on us doing so.

Every donation Tor receives during the month of August will count towards this fund. You can help us be prepared for what bugs may come, and in turn, we can better help keep millions of people around the world safe online and an entire ecosystem of tools healthy.

Tor Bug Smash Fund

Support Rapid Response & Emergency Releases

Security bugs happen. We can’t predict when they will happen, but it is inevitable that issues will arise. Our top priority is to smash these bugs as quickly as possible when they are discovered and respond with emergency releases. Sometimes this means diverting our attention from grant-funded projects, and we must use unrestricted funds to pay for this developer time.

Here are some examples of what an emergency release looks like, why these issues happen, and what we’ve done in the past to address them:

Your donation to the Bug Smash Fund will go in part towards rapid responses to security issues like these.

Support Keeping up with Firefox ESRs

Because Tor Browser is built on top of Mozilla Firefox, when new ESRs are released, the Tor Browser team must evaluate changes to Firefox, weigh their privacy and anonymity implications, and modify or disable features that may compromise our users.

You can get a feeling of how this work is welcomed by our community from the reactions on social media and in the news when we adopted the Firefox Quantum ESR.

Keeping up with ESRs means that Tor Browser users get the user experience improvements of Firefox, and that the Tor team can upstream privacy improvements to Firefox. This work is a regular part of maintaining Tor Browser—and it must happen regularly.

Your donation to the Bug Smash Fund will go in part towards keeping Tor Browser in line with current ESRs.

donate-button

From August 1 through August 31, any donation that comes to the Tor Project will go towards the Bug Smash Fund and be earmarked for these bugs and maintenance projects.

Want to keep up with the work we’re doing with this fund? There are three ways: (1) Follow the “BugSmashFund” trac ticket tag, (2) watch this blog for updates about the progress of these tickets, and (3) make a donation and opt in for our newsletter to get updates directly to your inbox.

Want to contribute anonymously, with cryptocurrency, or by mail? Here’s how.

Want to ask a question or learn more about supporting the Tor Project? You can email us at giving@torproject.org

 


 

Thanks to fontvir.us for the font in our images.

Comments

Please note that the comment area below has been archived.

August 04, 2019

Permalink

The bug smash fund sounds like a great idea - well done!

One comment though:
"Our top priority is to smash these bugs as quickly as possible when they are discovered and respond with emergency releases."

In an ideal world the Tor Project would also have resources to pro-actively seek out bugs, not just wait for them to surface.